lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ce2c83091001132245q2b42b533vd6519cb3fd0d01af@mail.gmail.com>
Date:	Thu, 14 Jan 2010 14:45:45 +0800
From:	Dongdong Deng <libfetion@...il.com>
To:	Masami Hiramatsu <mhiramat@...hat.com>
Cc:	linux-kernel@...r.kernel.org, ananth@...ibm.com,
	anil.s.keshavamurthy@...el.com, davem@...emloft.net,
	arjan@...radead.org, jkenisto@...ibm.com, prasanna@...ibm.com
Subject: Re: Did we really need to clear the IF flag at prepare_singlestep() 
	of x86 kprobes?

On Wed, Jan 13, 2010 at 2:18 PM, Masami Hiramatsu <mhiramat@...hat.com> wrote:
> Dongdong Deng wrote:
>> Hi Kprobe experts,
>>
>> I have a doubt about the handling "X86_EFLAGS_IF" at prepare_singlestep(),
>> Could you give me some suggestions?
>>
>>
>> arch/x86/kernel/kprobes.c:
>> 406 static void __kprobes prepare_singlestep(struct kprobe *p, struct
>> pt_regs *regs)
>> 407 {
>> 408    clear_btf();
>> 409    regs->flags |= X86_EFLAGS_TF;
>> 410    regs->flags &= ~X86_EFLAGS_IF;
>>   ...
>> }
>>
>>
>> for 410 line: Kprobe is intend to disable interrupt during the single step.
>>
>> I think it is enough that just setting X86_EFLAGS_TF as following reasons.
>>
>>
>> ******************
>> Reason 1: "debug trap" was initalized as an interrupt gate
>>
>> arch/x86/kernel/traps.c:892: set_intr_gate_ist(1, &debug, DEBUG_STACK);
>>
>> The "debug trap" was initalized as an interrupt gate, thereby during the
>> hanld function of debug exceptions, the X86_EFLAGS_IF have been
>> cleared automatically.
>>
>>
>> ******************
>> Reason 2: the priority among debug exceptions and interrupts
>>
>> Intel® 64 and IA-32 Architectures Software Developer’s Manual Volume
>> 3A, page 5-11:
>>
>> If more than one exception or interrupt is pending at an instruction
>> boundary, the
>> processor services them in a predictable order. Table 5-2 shows the
>> priority among
>> classes of exception and interrupt sources.
>>           Table 5-2. Priority Among Simultaneous Exceptions and Interrupts
>> Priority       Description
>> 1 (Highest)    Hardware Reset and Machine Checks
>>                - RESET
>>                - Machine Check
>> 2              Trap on Task Switch
>>                - T flag in TSS is set
>> 3              External Hardware Interventions
>>                - FLUSH
>>                - STOPCLK
>>                - SMI
>>                - INIT
>> 4              Traps on the Previous Instruction
>>                - Breakpoints
>>                - Debug Trap Exceptions (TF flag set or data/I-O breakpoint)
>> 5             Nonmaskable Interrupts (NMI)
>> 6             Maskable Hardware Interrupts
>>
>>
>> From the table we could see debug exceptions lies in priority 4 and
>> external interrupt lies
>> in priority 6.
>>
>> Thereby the processor will handle Debug Trap Exceptions first, then
>> handle external interrupt.
>
> Hi Dongdong,
>
> Hmm, can that be applied on other x86 compat cpus too?
> And, when is the debug trap exception actually happened?

> 1: int3 ->
> 2:  -> pre_kprobe_handler
> 3:  -> prepare_singlestep
> 4: <- iret
> 5: execute instruction
> 6: debug trap ->
> 7: -> post_kprobe_handler
> ...
>
> If we have an interrupt before step4, does that interrupt
> really executed *after* step5? or step4?


Hi Masami,

Thanks for your detail explain, it is the key of my question. :)

I write a test case to proving it.

The test case required run on uniprocessor systems,

My machine is intel Xeon-Dual, so I disable the SMP support when
building kernel.


The test case works.

1: delay a long time during INT3 handler of kprobes.

2: add a printk at the net driver interrupt handler.(I am using
e10000e net-card)

3: startup system

4: using other PC to ping current machine all the while, thereby it
could generate net-card interrupt during INT3.

5: insmod the samples/kprobes/kprobe_example.ko .

6: using the following script to trigger kprobe.

#!/bin/bash
a=0 ; while [ $a != 8000 ]; do(ls ./); a=$(( $a + 1 )); done


Test output result:

# cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 15
model name      : Intel(R) Xeon(R) CPU            5138  @ 2.13GHz
stepping        : 11
cpu MHz         : 2133.324
cache size      : 4096 KB
fpu             : yes
fpu_exception   : yes
cpuid level     : 10
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe
syscall nx lm constant_tsc arch_perfmon pebs bts rep_good nopl pni
monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr dca lahf_lm
bogomips        : 4266.64
clflush size    : 64
cache_alignment : 64
address sizes   : 38 bits physical, 48 bits virtual
power management:

# insmod  kprobe_example.ko
Planted kprobe at ffffffff8022df60

# /bin/bash 1.sh
pre_handler: p->addr = 0xffffffff8022df60, ip = ffffffff8022df61, flags = 0x246
prepare_singlestep didn't clear X86_EFLAGS_IF
Got a e1000 intrrupt during kprobe single step!!!!
post_handler: p->addr = 0xffffffff8022df60, ip = ffffffff8022df62, flags = 0x246
pre_handler: p->addr = 0xffffffff8022df60, ip = ffffffff8022df61, flags = 0x246
prepare_singlestep didn't clear X86_EFLAGS_IF
Got a e1000 intrrupt during kprobe single step!!!!
post_handler: p->addr = 0xffffffff8022df60, ip = ffffffff8022df62, flags = 0x246
1.sh               kprobe_example.ko
pre_handler: p->addr = 0xffffffff8022df60, ip = ffffffff8022df61, flags = 0x246
prepare_singlestep didn't clear X86_EFLAGS_IF
Got a e1000 intrrupt during kprobe single step!!!!
post_handler: p->addr = 0xffffffff8022df60, ip = ffffffff8022df62, flags = 0x246
1.sh               kprobe_example.ko
pre_handler: p->addr = 0xffffffff8022df60, ip = ffffffff8022df61, flags = 0x246
prepare_singlestep didn't clear X86_EFLAGS_IF
Got a e1000 intrrupt during kprobe single step!!!!
post_handler: p->addr = 0xffffffff8022df60, ip = ffffffff8022df62, flags = 0x246
1.sh               kprobe_example.ko
pre_handler: p->addr = 0xffffffff8022df60, ip = ffffffff8022df61, flags = 0x246
prepare_singlestep didn't clear X86_EFLAGS_IF
Got a e1000 intrrupt during kprobe single step!!!!
post_handler: p->addr = 0xffffffff8022df60, ip = ffffffff8022df62, flags = 0x246
1.sh               kprobe_example.ko


>From the result of test cause,  the processor really tries to execute
interrupt right after step4.


>
> If the processor really tries to execute interrupt
> right after step5, your logic seems correct, but if it
> is done right after step4, clearing IF seems correct.

But I couldn't make sure that this test case is suitable or not.
If the test case is OK, my logic seems wrong.


Thank you very much,
Dongdong


>
> Thank you,
>
> --
> Masami Hiramatsu
>
> Software Engineer
> Hitachi Computer Products (America), Inc.
> Software Solutions Division
>
> e-mail: mhiramat@...hat.com
>
>

View attachment "test_case_kprobe_IF_EFLAGS.patch" of type "text/x-diff" (3388 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ